| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Chamberland Technology -- ezWaiter Online | Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Technology ezWaiter 3.0 Online and possibly Enterprise Software (aka enterprise edition) allow remote attackers to inject arbitrary web script or HTML via the (1) itemfor (aka "Who is this item for?") and (2) special (aka "Special Instructions") parameters to item.php, which is accessed from showorder.php, or (3) unspecified parameters to the login form at login.php. | 4.7 | CVE-2006-3613 BUGTRAQ BID |
| Cisco -- Unified CallManager | Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI commands," aka bug CSCse11005. | 4.9 | CVE-2006-3592 CISCO FRSIRT SECUNIA XF |
| Czaries Network -- CzarNews | PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 allows remote attackers to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php. NOTE: the news.php vector is already covered by CVE-2005-0859. | 5.6 | CVE-2006-3685 OTHER-REF SECUNIA |
| Edgewall Software -- Trac | Unspecified vulnerability in Trac before 0.9.6 allows remote attackers to cause a denial of service or obtain sensitive information via unspecified vectors involving "reStructuredText". NOTE: this might be related to CVE-2006-3458. | 4.7 | CVE-2006-3695 OTHER-REF FRSIRT SECTRACK |
| Finjan -- Finjan Appliance 5100/8100 | Finjan Appliance 5100/8100 NG 8.3.5 stores passwords in plaintext in a backup file, which allows local users to gain privileges. | 4.9 | CVE-2006-3663 FULLDISC BID XF |
| InterVations -- FileCOPA FTP Server | Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th July 2006 allows remote authenticated attackers to execute arbitrary code via a long argument to the LIST command. | 4.2 | CVE-2006-3726 OTHER-REF FRSIRT SECUNIA |
| libtunepimp -- libtunepimp | Multiple stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp 0.4.2 allow remote user-complicit attackers to cause a denial of service (application crash) and possibly execute code via a long (1) Album release date (MBE_ReleaseGetDate), (2) data, or (3) error strings. | 5.6 | CVE-2006-3600 OTHER-REF UBUNTU BID SECUNIA SECUNIA |
| Linux -- Linux kernel | Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root. | 5.6 | CVE-2006-3626 FULLDISC |
| Microsoft -- PowerPoint | Unspecified vulnerability in mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows remote user-complicit attackers to execute arbitrary commands via a crafted PPT file, which causes a "memory corruption error," and exploited by Trojan.PPDropper.B. NOTE: As of 20060714, due to the vagueness of the initial disclosure, it is uncertain whether this is related to CVE-2006-1540 or CVE-2006-3493. | 5.6 | CVE-2006-3590 OTHER-REF OTHER-REF OTHER-REF CERT-VN BID FRSIRT |
| Microsoft -- PowerPoint | Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-complicit attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different. | 5.6 | CVE-2006-3655 BUGTRAQ BID FRSIRT |
| Microsoft -- PowerPoint | Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-complicit attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different. | 5.6 | CVE-2006-3660 BUGTRAQ BID FRSIRT |
| Oracle -- Oracle Database Server | Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB02. | 4.9 | CVE-2006-3699 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Oracle Database Server | Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 for Web Distributed Authoring and Versioning (DAV) and (2) DB23 for XMLDB. | 4.9 | CVE-2006-3700 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Oracle Database Server | Unspecified vulnerability in the Dictionary component in Oracle Database 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB05. | 4.9 | CVE-2006-3701 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Oracle Database Server | Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, and (16) DBC04 for RPC; and (17) DB20 for Semantic Analysis. | 4.9 | CVE-2006-3702 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Oracle Database Server | Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# DB07. | 4.9 | CVE-2006-3703 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Oracle Database Server | Unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# 10.1.0.4. | 4.9 | CVE-2006-3704 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Oracle Database Server | Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. | 4.9 | CVE-2006-3705 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Application Server 10g | Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 has unknown impact and attack vectors, aka Oracle Vuln# AS01. | 4.9 | CVE-2006-3706 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Application Server 10g | Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 and 9.0.3.1 has unknown impact and attack vectors, aka Oracle Vuln# AS02. | 4.9 | CVE-2006-3707 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Application Server 10g | Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, 10.1.2.0.2, and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS03. | 4.9 | CVE-2006-3708 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Oracle9i Application Server; Oracle -- Oracle10g Application Server | Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS04. | 4.9 | CVE-2006-3709 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Oracle9i Application Server; Oracle -- Oracle10g Application Server | Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# (1) AS05 and (2) AS08. | 4.9 | CVE-2006-3710 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Oracle9i Application Server; Oracle -- Oracle10g Application Server | Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 9.0.4.1 has unknown impact and attack vectors, aka Oracle Vuln# AS06. | 4.9 | CVE-2006-3711 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Oracle10g Application Server | Unspecified vulnerability in OC4J for Oracle Application Server 9.0.4.2 and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS07. | 4.9 | CVE-2006-3712 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Oracle10g Application Server | Unspecified vulnerability in OC4J for Oracle Application Server 10.1.3.0 has unknown impact and attack vectors, aka Oracle Vuln# AS09. | 4.9 | CVE-2006-3713 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Oracle10g Application Server | Unspecified vulnerability in OC4J for Oracle Application Server 10.1.2.0.2 and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS10. | 4.9 | CVE-2006-3714 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Collaboration Suite Release 1 | Unspecified vulnerability in Calendar for Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka Oracle Vuln# OCS01. | 4.9 | CVE-2006-3715 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Oracle E-Business Suite and Applications | Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS01 for Internet Expenses; (2) APPS02, (3) APPS05, (4) APPS06, (5) APPS07, (6) APPS08, (7) APPS09, and (8) APPS10 for Oracle Application Object Library; (9) APPS11, (10) APPS12, and (11) APPS13 for Oracle Applications Technology Stack; (12) APPS14 for Oracle Call Center Technology; (13) APPS15 for Oracle Common Applications; (14) APPS18 for Oracle Self-Service Web Applications; and (15) APPS19 for Oracle Workflow Cartridge. | 4.9 | CVE-2006-3716 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Oracle E-Business Suite and Applications | Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.9 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS03 and (2) APPS04 for Oracle Application Object Library; and (3) APPS20 for Oracle XML Gateway. | 4.9 | CVE-2006-3717 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Oracle Exchange | Multiple unspecified vulnerabilities in Oracle Exchange for Oracle E-Business Suite and Applications 6.2.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS16 and (2) APPS17. | 4.9 | CVE-2006-3718 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Oracle Enterprise Manager | Unspecified vulnerability in CORE: Repository for Oracle Enterprise Manager 9.0.1.0 and 9.2.0.1 has unknown impact and attack vectors, aka Oracle Vuln# EM01. | 4.9 | CVE-2006-3719 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Oracle Enterprise Manager | Unspecified vulnerability in Enterprise Config Management for Oracle Enterprise Manager 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# EM02. | 4.9 | CVE-2006-3720 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- Oracle Enterprise Manager | Multiple unspecified vulnerabilities in Oracle Management Service for Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors, aka Oracle Vuln# EM03 and EM04. | 4.9 | CVE-2006-3721 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- PeopleSoft Enterprise | Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.4 Bundle #16, 8.8 Bundle #10, and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE01. | 4.9 | CVE-2006-3722 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- PeopleSoft Enterprise | Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.8 with Enforcer Portal Pack Bundle #10 and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE02. | 4.9 | CVE-2006-3723 OTHER-REF OTHER-REF BID FRSIRT |
| Oracle -- JD Edwards EnterpriseOne | Unspecified vulnerability in JD Edwards HTML Server for Oracle OneWorld Tools EnterpriseOne Tools 8.95 and 8.96 has unknown impact and attack vectors, aka Oracle Vuln# JDE01. | 4.9 | CVE-2006-3724 OTHER-REF OTHER-REF BID FRSIRT |
| Phorum -- Phorum | Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via unspecified vectors related to an uninitialized variable. | 5.6 | CVE-2006-3615 OTHER-REF |
| Pixelated By Lev -- Pixelated By Lev Guestbook | Cross-site scripting (XSS) vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message (aka comments), (3) website, and (4) email parameters, which bypasses XSS protection mechanisms that check for SCRIPT tags but not others, as demonstrated by a javascript URI in an onMouseOver attribute and the src attribute in an iframe tag. NOTE: some vectors might overlap CVE-2006-2975, although the use of alternate manipulations makes it unclear. | 4.7 | CVE-2006-3617 BUGTRAQ OTHER-REF |
| Rocks Clusters -- Rocks Clusters | Rocks Clusters 4.1 and earlier allows local users to gain privileges via commands enclosed with escaped backticks (\`) in an argument to the (1) mount-loop (mount-loop.c) or (2) umount-loop (umount-loop.c) command, which is not filtered in a system function call. | 4.9 | CVE-2006-3693 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |
| Seyeon -- FlexWATCH Network Camera | Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL. | 4.7 | CVE-2006-3603 BUGTRAQ OTHER-REF BID SECUNIA XF |
| Yukihiro Matsumoto -- Ruby | Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations". | 4.7 | CVE-2006-3694 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |